0patch Central

Mitja Kolsek -

0patch Central (https://central.0patch.com) is a web application that allows 0patch users to centrally monitor and manage their 0patch Agents. Available features depend on whether the account is Enterprise-enabled or not.

 

mceclip0.png

 

 

Computers

The Computers page allows you to monitor and manage 0patch Agents across your computers.

 

mceclip3.png

 

Groups

In an Enterprise-enabled account, computers can be organized in an arbitrary number of groups, subgroups, sub-subgroups, etc., built on top of the root group called All Computers. Computers can be moved from one group to another, either individually or as a bulk operation. Each newly registered 0patch Agent lands in the All Computers group.

In a non-Enterprise account, there is just one group, All Computers, where all computers with 0patch Agent reside.

The Computers page shows some high-level data about the currently selected group on top, and group content and configuration - such as computers in the group, group's patching policy, and group settings - on bottom. This is where most of the action is.

 

COMPUTERS Tab

 

mceclip4.png

 

The COMPUTERS tab lists computers in the chosen group with 0patch Agent installed. The Status column shows whether the agent is enabled (green dot) or disabled (red dot), and the Patches column provides the number of currently relevant patches for this computer.

This tab also allows you to perform actions on listed computers, such as:

  • moving selected agents to another group (Enterprise accounts only)
  • updating selected agents to the latest version (Enterprise accounts only)
  • enabling or disabling selected agents (Enterprise accounts only)
  • deleting selected agents from 0patch Central

You can search computers by their name, Windows version, or IP address, and you can filter them by agent version, last agent sync time, and agent status.

The Hide Computers in Subgroups checkbox allows you to select whether you want to see computers from the current group only, or also from all subgroups. This comes especially handy in the All Computers group where you may want to perform actions on all computers in your organization regardless of which groups they are in (uncheck the Hide Computers in Subgroups checkbox).

To perform actions on computers, you can select any number of those listed, or check the Select All checkbox and select all computers that match the search and filter criteria.

Clicking on the computer name opens up a window showing details about the computer, including all patches currently relevant for it, i.e., patches that are currently getting applied on this computer whenever some process loads a module we have a patch for.

 

PATCHES Tab

 

mceclip0.png

 

The PATCHES tab lists all patches that are currently relevant on at least one computer in the group, including all subgroups. The Status column shows whether the patch is enabled (green dot) or disabled (red dot), and the Modules column provides the name of the executable module (e.g., awt.dll) the patch applies to

This tab also allows you to decide which patches you want enabled or disabled on all computers in this group. This effectively presents an important part of the patching policy for this group. You can't enable or disable patches individually for each computer, only for an entire group. (If you need to enable or disable certain patches on a single computer, you can always put it in a temporary subgroup, make the changes there, and later return the computer to the original group.)

On this tab, you can search patches by their CVE ID, executable module name, or description; or filter them by their enabled/disabled state.

To perform actions on patches, you can select any number of those listed, or check the Select All checkbox and select all patches that match the search and filter criteria. Available actions are:

  • Enable
  • Disable
  • Inherit from parent group (not available in the All Computers group)

By selecting the Inherit from parent group option, selected patches will be enabled when they're enabled in the parent group, and disabled when they're disabled in the parent group. Should any of such patches also be set to Inherit from parent group in the parent group, their state will be inherited from the grandparent group, and so forth up to the All Computers group.

 

SETTINGS Tab

 

mceclip1.png

 

The SETTINGS tab allows you to configure two settings for the current group:

  1. Default state for new patches: This setting applies to new patches that will be issued by 0patch in the future and may be relevant to computers in this group. If set to Enabled, any future patches we issue will be enabled in this group, and therefore immediately applied to computers in this group. If set to Disabled, future patches will start off being disabled, and will have to be manually enabled via the PATCHES tab in order to start getting applied to computers in this group. Finally, if set to Inherit from parent group, the Default state for new patches setting from the parent group will be honored.
  2. Update agents automatically: This setting specifies whether 0patch Agents in this group are to immediately and automatically self-update as soon as 0patch issued a new agent version (approximately once a year). While we recommend automatic agent updating when possible, we understand that some organizations prefer to more closely manage software updates. When automatic updates are disabled, agents will need to be updated manually.
    Note: when 0patch Agent is deployed via Group Policy Objects, we recommend disabling automatic agent updates and also updating the agent via Group Policy, because self-updating may get blocked by Windows, potentially leaving the agent in a dysfunctional state.

 

 

Account

The Account page provides information relevant to your account.

 

mceclip2.png

  • Account name: You can edit your account name, which is displayed in 0patch Console on all computers in your account.
  • Account key: Account key is a unique string assigned to your account, and can be used for automatic registration of newly-installed 0patch Agents during silent installation. (See 0patch Agent User Manual for details.)
  • License use: This chart shows you how many valid licenses you currently have in your account ("Bought") versus the number of agents that are assigned these licenses ("Used"). If the latter exceeds the former, you need to purchase additional licenses or delete some agents from 0patch Central.
  • LICENSES tab: View the list of all your licenses.
  • INVOICES tab: List all your invoices.

 

 

 

Dashboard

The Dashboard shows current notifications and various high-level data about your 0patch Agents. Dashboard is only available in Enterprise-enabled accounts.

 

mceclip2.png

 

Notifications

Notifications are currently relevant messages that alert you about some situation or state you might want to address, such as: some agents haven't synced in a long time, some agents are disabled (you might have disabled, and forgot to re-enable them), or some agents haven't been upgraded to the latest version yet.

 

Statistics

High-level statistics tell you how many agents you have in how many groups, and how many different patches have been applied across your agents since your had opened the account.

 

License Use

The License Use chart shows you how many valid 0patch licenses you currently have in your account versus how many registered agents you have.

 

Active Agents

The Active Agents pie chart shows you how many of your active agents (those regularly syncing) are enabled, and how many disabled.

 

Latest Syncs

The Latest Syncs pie chart shows you how your agents are syncing. Normally, an agent on an Internet-connected computer should be able to sync once every hour (green). Agents on computers that got shut down overnight appear blue, while those that last synced in the last 30 days appear orange - which can be normal for computers that only get turned on once every few weeks for special operations, or laptops that aren't used every day. Agents that haven't synced in over 30 days appear red, indicating that there may be a connectivity problem there preventing 0patch Agent from contacting the server, or that the computer has been decommissioned and should therefore be deleted from 0patch Central to release its license.

 

Agent Versions

The Agent Versions chart shows you versions of your 0patch Agents. Agents of the latest version are marked green, agents of non-latest but still supported version are shown in orange, and agents that are not supported anymore appear red. We recommend keeping 0patch Agents updated to the latest version to maintain access to the latest features and bug fixes.

 

 

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.